From nobody Sun Feb 8 11:25:58 2026 Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 84C9B2BEFE3 for ; Thu, 18 Dec 2025 02:59:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766026787; cv=none; b=RD7hxSf4zPFWfL4ofkQOyoxZt7N+q8SqFBlu0Ckxgy42U789GhmC6CeWswTrbJ9tJODIHdpIbaoxHI/FFzIvgYoNRrYIm+mKswVYqwj8DkSqXWRfObf7pKFWwctJU+50qbAnm4JEs+3rnBn2vBGOpuobKIIhuGYdwc5w+lx4AXo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766026787; c=relaxed/simple; bh=WyvPve5LAklKO1fh6O+R/c1D7j2AerWk5OXJqsIwmsw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ZR9HkvMtJj2SsFl+4yP4Y2rcD4R5a3TeyO0508gPMdIPBvvzUioek0FyBmHkUmtngC9KOUoz+y/81I1khuM+ZGBsHr0V3kjn2x2kHjykAjDUBzHDTVhuy+RXpOPFirhWH7Yl9rKlCJA3bgFE7Oby652jrwmA+Y4vtZmQ59tJPNw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HR68igvG; arc=none smtp.client-ip=209.85.210.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HR68igvG" Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-7d481452588so15908b3a.3 for ; Wed, 17 Dec 2025 18:59:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766026786; x=1766631586; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7Ue5x/b3wE4VR3QWVURKRvM1AZio0rSlcZc+u9XE/0k=; b=HR68igvGDvwNSFIYkmtguxQl1/Vx5asDPIGt5adBK10eJS/PxJ0oXVlYENeO69BtK0 GtsPMRqLgkbX5jzqOlW/fAWTsbcNyEDGfygWzUxXgoDKxSo09KwQTxrnm3YVkh1/2wwL 2GaB7VMS5ZnCWU3PJXmEorAw/FD0c8nzUJZUd69fxBI2adAJjoXQOXtj6npIAotH6jZA 5bf9vd4SlHn+kGbXJYs8b1Hk6MRNPvKCYv7GiaEB3lLkgKKA/QX8JZM4MZo193YHIz6k 7VIMyaHuGk8S7ROoebHc188c4bMXtIGTNR9oG48A4lMTcLzeMG5S+snbpz1zW8Ce1AHp G30A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766026786; x=1766631586; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=7Ue5x/b3wE4VR3QWVURKRvM1AZio0rSlcZc+u9XE/0k=; b=LkGH3ECEmQrPFK0hzhA1El1YpRkjcR1c1JzNMzlCcmcJ5KWd17fdirz/ixozG9Fkw/ O/lP8B/HBQO06lVpgFQcNEebNznxFnhR5BxxBONXEy3Uc5ug6Ac13zZnAWdTJpJjrK4C GBuGOX1MqzGdyE9vm16QGgpZIUGx+13KYE/Hj4t4Wt1zTPBGAEYtkY4vCRVYDGODJCsC hvc5BRKmV1dUO5vh10onz3pcZ+nBBuijcBPipNFlp2cyEmZUtR+NcCGn+HzfNirLvNCc eoYtJagDdFZWx+MMPt7bILokgvXZvc8CbTVCwYB0pmlNQFm8EjIUxjyLRDYpPXjixTKQ jbNw== X-Forwarded-Encrypted: i=1; AJvYcCUK0ig05aMyf4rahZ82pxsg6173FWbe14LhqyuYmvNdkIHS7+gDos4R1jgBfNbKkvBm5CvaDI0KH8hG8d0=@vger.kernel.org X-Gm-Message-State: AOJu0YyYOKoUXgGPkQgAFwsmrnBTqAqiNicn2snbZgh/Y95x7G0SFsdp T51QM9eGatUVniQC1UWY5pwD0dTlxpdcfR49yrxIG5ndTAcdaxpKBLyG X-Gm-Gg: AY/fxX4ya161veil8mclLo9kL3hwa+DpWzmlwFX1Cvie7SPFY4HTYMZG3KT3eYObrDU hkqCRg19V1QW2VpDeIIuZ84CkoOdeTRkX0ddOduPjrjKYoSOxv9JEcyn2l6M+0EZAji8mY89etK 5xMGfv8KFpBC/bsSn+RH5e/ddEjMjYxypGfv6cISSS/ikGmBXazdTlnTPSfMiqQOpNeHpbI+0Vv kCf4BaqazlnjUXQzuKMBYu+yRvqLRFU7eCyK0dVjns4EiAuc5WyN9vGG8mwyM85n4ce9BxugX7n X3kxSpulGX5Jjk1SnZLTiw+HSuRxhiYOfutqkHRS6gbcbS+mWgYapyW9TLUXCO0HWBcK58wefzd SIK6Ccry1lsdYMhIPsPWyX9CbkxwmmeWq/qaH9W/P/VUD6Q/RsflLQP+FMvALvi37B/d08UhyGu lt4m8akiuoDH2fulHCmaxQgUdQqHqHJ2NW6iLx5IRB1fJkx7uFCJ1qn8yXn/Y+ff26IuPY7jlv X-Google-Smtp-Source: AGHT+IGeJ+I3A3UGPKjnq4HN6ND6861/cZnOg8n9srw8IdydNPC11hCj3XY9cF8qTnRop/yukfUIkQ== X-Received: by 2002:a05:6a00:989:b0:7a2:855f:f88b with SMTP id d2e1a72fcca58-7fe53bbbe23mr551826b3a.3.1766026785647; Wed, 17 Dec 2025 18:59:45 -0800 (PST) Received: from poi.localdomain (KD118158218050.ppp-bb.dion.ne.jp. [118.158.218.50]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7fe14a5727fsm800985b3a.69.2025.12.17.18.59.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Dec 2025 18:59:45 -0800 (PST) From: Qianchang Zhao To: netdev@vger.kernel.org Cc: Krzysztof Kozlowski , Paolo Abeni , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Simon Horman , linux-kernel@vger.kernel.org, stable@vger.kernel.org, Zhitong Liu , Qianchang Zhao Subject: [PATCH v3 1/2] nfc: llcp: avoid double release/put on LLCP_CLOSED in nfc_llcp_recv_disc() Date: Thu, 18 Dec 2025 11:59:22 +0900 Message-Id: <20251218025923.22101-2-pioooooooooip@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251218025923.22101-1-pioooooooooip@gmail.com> References: <20251218025923.22101-1-pioooooooooip@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" nfc_llcp_sock_get() takes a reference on the LLCP socket via sock_hold(). In nfc_llcp_recv_disc(), when the socket is already in LLCP_CLOSED state, the code used to perform release_sock() and nfc_llcp_sock_put() in the CLOSED branch but then continued execution and later performed the same cleanup again on the common exit path. This results in refcount imbalance (double put) and unbalanced lock release. Remove the redundant CLOSED-branch cleanup so that release_sock() and nfc_llcp_sock_put() are performed exactly once via the common exit path,=20 while keeping the existing DM_DISC reply behavior. Fixes: d646960f7986 ("NFC: Initial LLCP support") Cc: stable@vger.kernel.org Signed-off-by: Qianchang Zhao --- net/nfc/llcp_core.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c index beeb3b4d2..ed37604ed 100644 --- a/net/nfc/llcp_core.c +++ b/net/nfc/llcp_core.c @@ -1177,11 +1177,6 @@ static void nfc_llcp_recv_disc(struct nfc_llcp_local= *local, =20 nfc_llcp_socket_purge(llcp_sock); =20 - if (sk->sk_state =3D=3D LLCP_CLOSED) { - release_sock(sk); - nfc_llcp_sock_put(llcp_sock); - } - if (sk->sk_state =3D=3D LLCP_CONNECTED) { nfc_put_device(local->dev); sk->sk_state =3D LLCP_CLOSED; --=20 2.34.1 From nobody Sun Feb 8 11:25:58 2026 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CCC022F5485 for ; Thu, 18 Dec 2025 02:59:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766026794; cv=none; b=sytF/ysg21nyzXWBI2YoZRpjVRYHRZwa7gNfcWtsraWr2zSUS8gdYFdYY2xLRJnK71BTUf2se0IaeVLyOf4PjHC728qt0i1HMO1r6c0taun4IlSJQAgYeaey/Yzq8oNSxApgUnqJMrT/TXhVza1Q6rjIPOBYsg5K4K+q1LvwG68= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766026794; c=relaxed/simple; bh=JMe1NKX9+LRlV6iB7gIIlQogjxDZeA3/lEGWMoqAGZE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=YNzFq5GwknyHW4MIdEsB2dMc5wsYqlBOIg1P59Clqcl6ctcHh7MlIYFSosxS5g4RykTbkR9r5ekmenu4fWKnd8FUY04p8oimRIknsDDjStLxKI8Iim5nZsBM5BKRB0PcdebxGdNDe410FlTD2WQCg3Lsw7Aq27LQd+TpOwd/GOM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bHoNMrAz; arc=none smtp.client-ip=209.85.215.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bHoNMrAz" Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-bc0dd142007so1259a12.2 for ; Wed, 17 Dec 2025 18:59:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766026790; x=1766631590; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lhtvv/nnzcntvywC/tr4tbEvzKikdNZmh60gHEEDoPQ=; b=bHoNMrAzTAOPHm8y/yiVGYlGhAgePCkPtvKXARRfsg55uZFV/yJ6iHvQlqmc4z3uiB 4Q0zZWiI/L4O5x+E2ufVlsBS64g3TKr6+1rxC+zODI4NbMhN5s1iQVgBkGZ2+cK8v0xH uXpMDBW9WFe6ARRo98aTlum5j9ofR4MzFOJ5TBcBFKzTsJdwi35d0AtRSBmjXuFxa0O8 N0vDp6urArWyx/fuAWK6PW7BJft+5m4am3fWkY3BXzlfrylDMANesE2XLy8Gr6qPMqb3 yp6zk1no+IcEBMhNIg+3JR28UJBeSZVzuRL9QGc6FgXoxzbtQyh/PODwr0h3VAblIiTM dDug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766026790; x=1766631590; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=lhtvv/nnzcntvywC/tr4tbEvzKikdNZmh60gHEEDoPQ=; b=JH9SduScNBuJz8RcSuy54jvoSWVBdWSPmrmMG3zzJl4ZTZTsf1PWuRpOWlyfl+D23R 469rx19pfa6Kmy873XRUzQNh/a4uk5b8regeKp+/hSa4AatTitgLt6hPMv2C1Zm9JbBh NSedwrj6XYrBAutXmWU98SdGZv07TzhmNl12g0RaXfnX4W+E87GfkUi4icgiStJ1KOac rCxEcFnNcLU7hOfKTRn/rZIy8YCiUGl8+YJw594yYHXsocfrHPYZTi2vUDzWJUxwoytY TKxvJNe5a2/bajGKEhpmzdzQ0vbaAjbXzqGjzfJUopxyM+ReG9UEvg9JyLpCUgTgoj4m zOPg== X-Forwarded-Encrypted: i=1; AJvYcCV2NpZeHPVQySL88btrHPyJQQMZu8qHw6PR8VtNmy7F48rvRGhhy9GaDooZ7E7Yes5oJw9RcDcYx3CvXpg=@vger.kernel.org X-Gm-Message-State: AOJu0YzdYOwrJD/8yJjAH06NA8QHxchMHtxC7hFRPev5s/LX9XqjEgZd CoDOVcKi0i0R1iQ1qoARvY7/BE1paauqjKTaVoZpACeK3+lUHWO9h971 X-Gm-Gg: AY/fxX5n0ibdvpeN4qhcQR7aUTKijRpzFPwI0YdR9sJYRQg7pB+HHXhWtr2lvJWMjwg ZSEvcxOOdDTZw5Ckx43F+fOpTuDTtcghnZqhUwV3R/yAWv8XDkuem1HrN6vixBTzJZEGJrk0LaN m3V6cEtn86xMbCXqMsZjWmZ4G1SsEzLMad1JNN1zdw7bL7gQuGQpEELFALHiCBwtC0i+4diXudN nSDI5dGtk12knMsdBmNh6gusa3swtYAervlkjKSBjCCe+ujHmzIZTyJd2bmU2O3zRXtXXLLcXul 9A5fYyvPQ4AItDSTyXnN1lokuQnvz0iTxOS05yxpV7LFjE3HeX9Jrlad05Lp1izaMJV552jl8Hg Cm7GRNEDnpk1nC6FUWGt9XyXjpGj2m14iOdgqbo36/eyHI00NZTPwHYX0FomoDihOKGDAWY/U4r XYdzixmgvs5BfGm0Ea6REpqrAb5H5awtKPKUID+aYIXDdxWsVWw0600GPkKyBa0EgG9Wmqg6tb X-Google-Smtp-Source: AGHT+IEXXsNXo4V+iPeVdeilF/ogXTHJKXHWyVHS1SyqG1zKI5aoRlu8AfsEk4yQBcYSiqZPunOd3A== X-Received: by 2002:a05:6a00:2d8d:b0:7ab:9850:25fb with SMTP id d2e1a72fcca58-7fe5188753cmr535463b3a.2.1766026789805; Wed, 17 Dec 2025 18:59:49 -0800 (PST) Received: from poi.localdomain (KD118158218050.ppp-bb.dion.ne.jp. [118.158.218.50]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7fe14a5727fsm800985b3a.69.2025.12.17.18.59.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Dec 2025 18:59:49 -0800 (PST) From: Qianchang Zhao To: netdev@vger.kernel.org Cc: Krzysztof Kozlowski , Paolo Abeni , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Simon Horman , linux-kernel@vger.kernel.org, stable@vger.kernel.org, Zhitong Liu , Qianchang Zhao Subject: [PATCH v3 2/2] nfc: llcp: stop processing on LLCP_CLOSED in nfc_llcp_recv_hdlc() Date: Thu, 18 Dec 2025 11:59:23 +0900 Message-Id: <20251218025923.22101-3-pioooooooooip@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251218025923.22101-1-pioooooooooip@gmail.com> References: <20251218025923.22101-1-pioooooooooip@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" nfc_llcp_sock_get() takes a reference on the LLCP socket via sock_hold(). In nfc_llcp_recv_hdlc(), the LLCP_CLOSED branch releases the socket lock and drops the reference, but the function continues to operate on llcp_sock/sk and later runs release_sock() and nfc_llcp_sock_put() again on the common exit path.=09 Return immediately after the CLOSED cleanup to avoid refcount/lock=20 imbalance and to avoid using the socket after dropping the reference. Fixes: d646960f7986 ("NFC: Initial LLCP support") Cc: stable@vger.kernel.org Signed-off-by: Qianchang Zhao --- net/nfc/llcp_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c index ed37604ed..f6c1d79f9 100644 --- a/net/nfc/llcp_core.c +++ b/net/nfc/llcp_core.c @@ -1089,6 +1089,7 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local = *local, if (sk->sk_state =3D=3D LLCP_CLOSED) { release_sock(sk); nfc_llcp_sock_put(llcp_sock); + return; } =20 /* Pass the payload upstream */ --=20 2.34.1